About us:

We are champions of rail, inspired to build a future of travel. Trainline enables millions of travellers to find and book the best value tickets across carriers, fares, and journey options through our highly rated mobile app, website, and B2B partner channels.

Great journeys start with Trainline 🚄

Now Europe's number 1 downloaded rail app, with over 125 million monthly visits and £5.9 billion in annual ticket sales, we collaborate with 270+ rail and coach companies in over 40 countries. We want to create a world where travel is as simple, seamless, eco-friendly and affordable as it should be.

Today, we're a FTSE 250 company driven by our incredible team of over 1,000 Trainliners from 50+ nationalities, based across London, Paris, Barcelona, Milan, Edinburgh and Madrid. With our focus on growth in the UK and Europe, now is the perfect time to join us on this high-speed journey.

Introducing the Information Security Team at Trainline 👋

As Head of Information Security Risk and Compliance, you will lead the development and management of Trainline's information security risk and compliance management framework. Reporting to the CISO, you will oversee a team of risk and compliance analysts and associates, driving the integration of governance, risk, and compliance practices throughout Trainline.

This role sits at the intersection of technology, business operations, and assurance, ensuring the delivery of a comprehensive Framework to effectively manage risk and compliance aligned with our business risk appetite and legal and regulatory requirements. You will be responsible for ensuring adherence to key standards such as ISO 27001, ISO 22301, and PCI DSS, while identifying, assessing, and mitigating information security risks that could impact the business.

In this critical role, you will collaborate closely with cross-functional teams including Legal, Engineering, and Procurement to embed risk management into daily operations and strategic initiatives.
You will provide regular, insightful reporting to senior leadership and stakeholders, influencing decision-making and strengthening Trainline's security posture. As a key member of the Security leadership team, your remit will extend beyond risk and compliance to include shaping the security and privacy strategy, enhancing supplier risk processes, and fostering a culture of security awareness across the company. Your leadership and strategic insight will be essential in navigating the evolving regulatory landscape and supporting Trainline's growth ambitions with robust yet pragmatic risk management.

As the Head of Information Security Risk and Compliance at Trainline, you will... 🚄

- Lead, evolve, and maintain Trainline's Information Security Management System (ISMS), Business Continuity Management System (BCMS), and Risk Management Framework, ensuring alignment with business strategy and regulatory obligations.
- Manage and develop the Risk and Compliance team, setting clear goals and cultivating an inclusive culture of accountability, continuous learning and collaboration.
- Develop and deliver concise, data-driven risk and compliance reports for senior management and stakeholders, highlighting trends, emerging risks, and mitigation strategies.
- Act as a trusted advisor to executive stakeholders, providing actionable insight and guidance to support risk-aware decision-making.
- Partner with Legal, Privacy, Engineering, Procurement, and other functions to embed security, governance, and compliance into products, systems, and processes.
- Oversee third-party and supplier risk management, ensuring governance and controls are embedded throughout procurement and onboarding.
- Champion and scale security awareness and governance training programs to build a strong, security-first culture across Trainline.
- Own the development, communication, and maintenance of information security policies, ensuring alignment with evolving threats and compliance needs.

We would love to hear from you if you have... 🔍

- A strategic mindset with strong leadership skills and a passion for driving robust governance, risk, and compliance frameworks.
- Extensive experience in information security risk management and compliance, with a proven ability to develop and implement comprehensive risk and compliance programmes aligned with industry standards and regulatory requirements.
- A proven record of leading and developing high-performing teams, setting clear goals and cultivating accountability and continuous improvement.
- A strong understanding of key standards including ISO 27001, ISO 22301, PCI DSS, GDPR, and other relevant regulatory requirements.
- Excellent communication skills, with the ability to present complex risk and compliance information clearly to senior leadership and stakeholders.
- Strong analytical and critical thinking skills, capable of identifying risks, evaluating controls, and recommending effective mitigation strategies.
- Experience integrating risk management processes into business operations, including supplier and third-party risk assessments.
- A collaborative, solutions-focussed approach and the ability to work cross-functionally with security, engineering, procurement, and business teams to embed security and compliance requirements.
- Track record of delivering actionable risk reporting and advisory support to executive teams, influencing strategic decision-making.

More information:

Enjoy fantastic perks like private healthcare & dental insurance, a generous work from abroad policy, 2-for-1 share purchase plans, an EV Scheme to further reduce carbon emissions, extra festive time off, and excellent family-friendly benefits.

We prioritise career growth with clear career paths, transparent pay bands, personal learning budgets, and regular learning days.
Jump on board and supercharge your career from day one!

Our values represent the things that matter most to us and what we live and breathe every day, in everything we do:

💭 Think Big - We're building the future of rail
✔️ Own It - We focus on every customer, partner and journey
🤝 Travel Together - We're one team
♻️ Do Good - We make a positive impact

We know that having a diverse team makes us better and helps us succeed. And we mean all forms of diversity - gender, ethnicity, sexuality, disability, nationality and diversity of thought. That's why we're committed to creating inclusive places to work, where everyone belongs and differences are valued and celebrated.

Interested in finding out more about what it's like to work at Trainline? Why not check us out on , and !